PunditR
From CourvilleWiki
PunditR ubuntu configuration
Please find below my installation log with the debian testing distribution.
Hardware configuration
kernel rebuild
apt-get install build-essential autoconf automake gcc-3.3 g++-3.3
apt-get install kernel-package
apt-get install module-assistant
vi /etc/kernel-pkg.conf
apt-get install linux-headers-2.6.15-1-686-smp
apt-get install debhelper kernel-package libqt3-mt-dev xlibs-dev libxtst-dev fakeroot rpm wget
ati driver
apt-get install fglrx-control fglrx-driver fglrx-kernel-src
apt-get install xbase-clients
- build module
module-assistant a-i fglrx
- perform required modifications to /etc/X11/xorg.conf
aticonfig --initial
hauppauge pv350 ivtv driver installation
- get the driver from http://ivtvdriver.org/index.php/Main_Page; stable releases can be found at http://dl.ivtvdriver.org/ivtv/stable/
- before installation do a
cd ivtv-*
make && make install
cd utils
cp ivtvfbctl ivtvctl ivtv-detect ivtv-encoder ivtvplay ivtv-mpegindex ivtvfwextract.pl ivtv-radio utils/ivtv-tune /usr/local/bin
apt-get install libconfig-inifiles-perl
cd ..
- firmware installation following http://ivtvdriver.org/index.php/Firmware or http://ivtv.writeme.ch/tiki-index.php?page=FirmwareVersions
wget ftp://ftp.shspvr.com/download/wintv-pvr_150-500/inf/pvr_2.0.24.23035.zip
unzip pvr_2.0.24.23035.zip
cp HcwMakoA.ROM /usr/lib/hotplug/firmware/v4l-cx25840.fw
cp HcwFalcn.rom /usr/lib/hotplug/firmware/v4l-cx2341x-enc.fw
wget ftp://ftp.shspvr.com/download/wintv-pvr_250-350/inf/pvr_1.18.21.22254_inf.zip
unzip pvr_1.18.21.22254_inf.zip
utils/ivtvfwextract.pl pvr_1.18.21.22254_inf.zip
cp v4l-cx2341x-init.mpg /usr/lib/hotplug/firmware
rm /lib/modules/ivtv-fw-enc.bin
mv /lib/modules/ivtv-fw-dec.bin /usr/lib/hotplug/firmware/v4l-cx2341x-dec.fw
modprobe ivtv
dmesg
ivtvctl -d /dev/video0 -u 0x7f0000
ivtvctl -d /dev/video0 -p 4
ivtvctl -d /dev/video0 -f width=720,height=576
ivtv-tune --device=/dev/video0 --freqtable=france --channel=50
mplayer /dev/video0
Server configuration
ssh and rsync
apt-get install ssh rsync
dns server
apt-get install bind9
- in /etc/bind modify following files:
db.courville.org
db.0.168.192
- modify named.conf.options and named.conf.local
postfix smtp mail server: with smtp-auth and tls
- install postfix and other mail tools that I like
apt-get install postfix mutt procmail emil fetchmail
- edit the following files
/etc/postfix/main.cf
/etc/postfix/virtual
/etc/mailname
- update aliases and virtual map
postmap /etc/postfix/virtual
postalias /etc/aliases
- add support for sasl2
apt-get install postfix postfix-tls libsasl2 sasl2-bin libsasl2-modules libdb3-util
dpkg-reconfigure postfix
postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf
mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
postconf -e 'myhostname = hyperion.courville.org'
/etc/init.d/postfix restart
mkdir -p /var/spool/postfix/var/run/saslauthd
rm -fr /var/run/saslauthd
- edit file /etc/default/saslauthd to perform the following modifications:
START=yes
PARAMS="-m /var/spool/postfix/var/run/saslauthd"
MECHANISMS="pam"
- edit file /etc/init.d/saslauthd to perform the following modifications:
#PWDIR=/var/run/saslauthd
PWDIR="/var/spool/postfix/var/run/${NAME}"
#PIDFILE="/var/run/${NAME}/saslauthd.pid"
PIDFILE="${PWDIR}/saslauthd.pid"
<snip>
# dir=`dpkg-statoverride --list $PWDIR`
dir="root sasl 755 ${PWDIR}"
- restart the sasl auth daemon:
/etc/init.d/saslauthd start
- test if everything is in order:
telnet localhost 25
ehlo localhost
- if the following appears then it is fine:
250-STARTTLS
250-AUTH
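The EHLO check above, automated as an added example (not part of the original log): `classify_ehlo` and the two sample replies are constructed for illustration. It goes one step past the check described, reporting whether AUTH with PLAIN or LOGIN is advertised before STARTTLS, which is what the `smtpd_tls_auth_only = no` setting above produces.

```shell
#!/bin/sh
# Added example: classify the capability list a server returns to EHLO on
# port 25, before any STARTTLS. Reads the reply on stdin, prints one verdict.
classify_ehlo() {
    tr -d '\r' | awk '
        # Capability lines look like "250-KEYWORD args" or "250 KEYWORD args".
        /^250[- ]/ {
            n = split(substr($0, 5), f, /[ =]+/)
            kw = toupper(f[1])
            if (kw == "STARTTLS") tls = 1
            if (kw == "AUTH") {
                auth = 1
                for (i = 2; i <= n; i++)
                    if (toupper(f[i]) ~ /^(PLAIN|LOGIN)$/) plain = 1
            }
        }
        END {
            if (auth && plain)  print "cleartext-password-auth-offered"
            else if (auth)      print "auth-offered-before-tls"
            else if (tls)       print "auth-deferred-until-tls"
            else                print "no-starttls-no-auth"
        }'
}

# Constructed reply for the configuration on this page
# (smtpd_tls_auth_only = no, mech_list: plain login, broken_sasl_auth_clients = yes).
sample_auth_only_no() {
cat <<'EOF'
250-hyperion.courville.org
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
EOF
}

# Constructed reply for the same server with smtpd_tls_auth_only = yes:
# Postfix then announces AUTH only after the session is encrypted.
sample_auth_only_yes() {
cat <<'EOF'
250-hyperion.courville.org
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250 8BITMIME
EOF
}

sample_auth_only_no  | classify_ehlo
sample_auth_only_yes | classify_ehlo
```

To run it against a saved session, pipe the text captured from the telnet test into `classify_ehlo`.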
dovecot imap server with ssl support
apt-get install dovecot-common dovecot-imapd
postconf -e 'home_mailbox = Maildir/'
postconf -e 'mailbox_command ='
/etc/init.d/postfix restart
- in order to enable ssl, certificates and keys need to be generated: let's reuse the key previously generated for postfix to achieve that goal
cd /etc/postfix/ssl/
openssl req -new -key smtpd.key -out dovecot.csr
openssl x509 -req -days 3650 -in dovecot.csr -signkey smtpd.key -out dovecot.crt
openssl req -new -x509 -extensions v3_ca -keyout dovecot-cakey.pem -out dovecot-cacert.pem -days 3650
mv dovecot* /etc/dovecot
- edit /etc/dovecot/dovecot.conf file and add following lines
protocols = imaps
log_path = /var/log/dovecot.log
syslog_facility = mail
ssl_cert_file = /etc/dovecot/dovecot.crt
ssl_key_file = /etc/dovecot/dovecot.key
ssl_key_password = *REPLACEBYYOURPASSWD*
apache2 ssl configuration
- install apache2, remove apache
apt-get install apache2
apt-get remove apache
- edit default configuration:
cd /etc/apache2/sites-available/
cp default 0080-main
- make the following changes into 0080-main
Directory /var/www
RedirectMatch ^/$ /mediawiki/
- make the following redirections (historical purposes...):
RedirectMatch ^/marilou$ http://www.courville.org/gallery/Marilou-est-l%E0%21
RedirectMatch ^/phpwiki/Gcc$ http://hyperion/mediawiki/index.php/Gcc
RedirectMatch ^/phpwiki/Hauppauge%20PVR%20250$ http://hyperion/mediawiki/index.php/Hauppauge_PVR_250
RedirectMatch ^/phpwiki/Mythtv$ http://hyperion/mediawiki/index.php/Mythtv
RedirectMatch ^/phpwiki/$ http://hyperion/mediawiki/
- generate ssl certificate:
apache2-ssl-certificate
- create default configuration for port 443 https:
cd /etc/apache2/sites-available
cp default 0443-ssl
- activate the links through
a2ensite 0080-main
a2ensite 0443-ssl
- add Listen 443 in /etc/apache2/ports.conf
- in /etc/apache2/sites-available/0443-ssl insert
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
- enable the modules
a2enmod ssl
a2enmod rewrite
- add the following to /etc/apache2/sites-available/default
RewriteEngine on
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^/webmail(.*)$ https://%{SERVER_NAME}/webmail$1 [L,R]
RewriteLog "/var/log/apache2/rewrite.log"
RewriteLogLevel 2
- restart apache2:
/etc/init.d/apache2 force-reload
enable both php5 and php4 support
I followed the instructions from http://www.howtoforge.com/book/print/1012
apt-get install apache2 apache2-common apache2-doc apache2-mpm-prefork apache2-utils libapr0 libexpat1 ssl-cert
apt-get install libapache2-mod-php5 php4-cgi
apt-get install php5-imap php-pear php5-curl php5-dev php5-gd php5-ldap php5-mhash php5-mysql php5-odbc php5-recode php5-snmp php5-sqlite php5-xmlrpc php5-xsl php4-auth-pam php4-imagick php4-mcrypt php4-sqlite php4-curl php4-domxml php4-gd php4-imap php4-ldap php4-mcal php4-mhash php4-mysql php4-odbc php4-pear php4-xslt
- edit /etc/apache2/apache2.conf and change
#DirectoryIndex index.html index.cgi index.pl index.php index.xhtml
DirectoryIndex index.html index.htm index.shtml index.cgi index.pl index.php index.php4 index.xhtml
- add suitable handler for .php4 files
AddHandler php-script .php4
Action php-script /cgi-bin/php4
- enable following modules
a2enmod actions
a2enmod ssl
a2enmod rewrite
a2enmod suexec
a2enmod include
- restart apache2
/etc/init.d/apache2 restart
provide pxe boot capabilities and dhcp server
I have a diskless mediabox that boots using pxe with a custom geexbox distribution http://www.geexbox.org
apt-get install tftpd-hpa dhcp3-server inetd
- parametrize tftpd server editing /etc/default/tftpd-hpa
RUN_DAEMON="yes"
OPTIONS="-l -s /tftpboot"
- in /etc/dhcp3/dhcpd.conf, give the filename as a path RELATIVE to /tftpboot
filename "/GEEXBOX.i386/boot/pxelinux.0";
<snip>
option root-path "/tftpboot/GEEXBOX.i386/";
- create tftpboot directory
mkdir /tftpboot
- update /etc/exports to allow clients
- copy the result of make pxe of geexbox under /tftpboot/GEEXBOX.i386
fight against spam: spamassassin
apt-get install spamassassin spamc spampd
- enable it in /etc/default/spamassassin
become a NIS server
apt-get install nis
- domain: courville.org
- in /etc/ypserv.securenets
# This line gives access to everybody. PLEASE ADJUST!
255.255.255.0 192.168.0.0
- modify following files
- add in /etc/defaultdomain
courville.org
- edit /etc/default/nis
NISSERVER=master
- edit /var/yp/Makefile to propagate also admin group assignments
# MINGID is the lowest gid that will be included in the group maps.
MINUID=1000
#Marc to allow centralization of group change. It is possible since same distrib
#MINGID=1000
MINGID=4
- regenerate maps:
cd /var/yp
make
file server: nfs and autofs
apt-get install autofs
- update yp
- on remote machine make
ln -s /misc/home home
- put autofs in /etc/auto.misc
time accuracy: ntp server
apt-get install ntp-server ntp-doc ntp ntpdate
- add in /etc/ntp.conf
server ntp.via.ecp.fr
server ntp.univ-angers.fr
server delphi.phys.univ-tours.fr
ftp server
apt-get install proftpd proftpd-common
print server for deskjet 970cxi
- buy turboprint from http://www.turboprint.de (this program is really good and fairly inexpensive)
apt-get install libgtk1.2 impose+ fig2ps transfig html2ps a2ps enscript
backuppc
The solution to backups: backuppc
apt-get install backuppc
apt-get install libfile-rsync-perl libfile-rsyncp-perl
- protect the access:
htpasswd /etc/backuppc/htpasswd backuppc
- modify /etc/backuppc/localhost.pl in order to define all the regexps for the backups in file incexcl-hyperion
$Conf{XferMethod} = 'rsync';
$Conf{RsyncShareName} = '/' ;
$Conf{RsyncArgs} = [
'--numeric-ids',
'--perms',
'--owner',
'--group',
'--devices',
'--links',
'--times',
'--block-size=2048',
'--recursive',
'--exclude-from=/etc/backuppc/incexcl-hyperion',
'--exclude-from=/etc/backuppc/incexcl-global',
];
$Conf{RsyncRestoreArgs} = [
'--numeric-ids',
'--perms',
'--owner',
'--group',
'--devices',
'--links',
'--times',
'--block-size=2048',
'--relative',
'--ignore-times',
'--recursive',
];
- generate ssh keys for root and backuppc and grant access for backuppc user to root
ssh-keygen -t rsa
cp ~/.ssh/id_rsa.pub ~/.ssh/BackupPC_id_rsa.pub
touch ~/.ssh/authorized_keys
cat ~/.ssh/BackupPC_id_rsa.pub >> ~/.ssh/authorized_keys
- in authorized_keys, add from="hyperion.courville.org" in front of the ssh-rsa to limit access to that host.
- note: you need to copy /etc/backuppc/incexcl-* file to all hosts to backup
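One way to apply the from= restriction described above to every key in an authorized_keys file, as an added example (not part of the original log): `restrict_keys` is a hypothetical helper and the key material in the sample is a constructed placeholder. It also handles entries that already carry options, which the step above does not cover.

```shell
#!/bin/sh
# Added example: prefix every key in an authorized_keys stream (stdin) with
# from="HOST" so sshd accepts the key only from that source host.
restrict_keys() {
    awk -v host="$1" '
        function is_keytype(s) {
            return s ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+|sk-[a-z0-9@.-]+)$/
        }
        /^[ \t]*#/ || /^[ \t]*$/ { print; next }    # keep comments and blank lines
        {
            sub(/^[ \t]+/, "")
            if (is_keytype($1)) {                   # entry has no options yet
                print "from=\"" host "\" " $0
                next
            }
            # Options present: scan them up to the first space outside quotes,
            # splitting on commas outside quotes, and look for an existing from=.
            inq = 0; has_from = 0; start = 1
            for (i = 1; i <= length($0); i++) {
                c = substr($0, i, 1)
                if (inq && c == "\\") { i++; continue }   # skip escaped character
                if (c == "\"") inq = !inq
                if (!inq && (c == "," || c == " ")) {
                    if (tolower(substr($0, start, i - start)) ~ /^from=/) has_from = 1
                    start = i + 1
                    if (c == " ") break
                }
            }
            # An entry that already names a source host is left untouched.
            print (has_from ? $0 : "from=\"" host "\"," $0)
        }'
}

# Constructed sample file; AAAAEXAMPLEKEYDATA stands in for real key data.
sample_authorized_keys() {
cat <<'EOF'
# BackupPC key
ssh-rsa AAAAEXAMPLEKEYDATA backuppc@hyperion
no-pty,command="rsync --server, restricted" ssh-rsa AAAAEXAMPLEKEYDATA backuppc@hyperion
from="192.168.0.1",no-pty ssh-rsa AAAAEXAMPLEKEYDATA other@host
EOF
}

sample_authorized_keys | restrict_keys hyperion.courville.org
```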
Web services
router web statistics: mrtg
apt-get install rddtools mrtg
- enable snmp on linksys wrt54gs router with dd-wrt alternative firmware
- generate configuration file
cfgmaker --global 'WorkDir: /var/www/mrtg' --global 'Options[_]: bits,growright' --ifref=ip --output /etc/mrtg.cfg public@192.168.0.1
- test it
env LANG=C /usr/bin/mrtg /etc/mrtg.cfg
mediawiki installation
- If you are transferring a mediawiki database from another computer, you first need to perform a backup
mysqldump -u root --single-transaction wikidb > backup-wikidb.sql
- prior to installing mediawiki you need to restore the database on the target computer
mysql -u root
mysql> create database wikidb;
mysql> use wikidb;
mysql> source backup-wikidb.sql;
- then and only then install mediawiki:
apt-get install libapache2-mod-proxy-html
apt-get install mediawiki mediawiki-math
apt-get install libcache-memcached-perl memcached turck-mmcache imagemagick libgd2
apt-get install php4-gd2 turck-mmcache memcached tetex-extra gv postscript-viewer xpdf-reader pdf-viewer texi2html dvipng chktex lacheck rubber sam2p libcache-memcached-perl memcached turck-mmcache
- open http://localhost/mediawiki for configuration
mv /var/lib/mediawiki/config/LocalSettings.php /etc/mediawiki/LocalSettings.php
chmod 600 /etc/mediawiki/LocalSettings.php
cp ~www-data/Images/courville-wiki.png /usr/share/mediawiki/skins/common/images/
- perform custom modifications to /etc/mediawiki/LocalSettings.php: restrict login and editing
## Shared memory settings
$wgUseMemCached = true;
$wgMemCachedServers = array('localhost');
#force users to login for edit
$wgWhitelistEdit = true;
$wgWhitelistRead = false;
#preventing new user registration http://meta.wikimedia.org/wiki/Preventing_Access and http://meta.wikimedia.org/wiki/Talk:Setting_user_rights_in_MediaWiki
$wgWhitelistAccount = array ( "user" => 0, "sysop" => 1, "developer" => 1 );
#change default logo
#put logo into /usr/share/mediawiki/skins/common/images
#$wgLogo = '/var/www/Images/courville-wiki.png';
$wgLogo = "$wgStylePath/common/images/courville-wiki.png";
- in /etc/php5/apache2/php.ini increase memory from 8M to 20M
- make sure that /etc/mediawiki/LocalSettings.php has permission 600
gallery installation
- install gallery:
apt-get install gallery imagemagick jhead libjpeg-progs mysql-server
- enable configuration of gallery
/usr/share/gallery/configure.sh
- setup gallery opening http://localhost/gallery/setup/index.php
- once setup completed secure gallery
/usr/share/gallery/secure.sh
webmail: squirrelmail
apt-get install squirrelmail
- configuration
/usr/sbin/squirrelmail-configure
- enabling for apache:
cd /etc/apache2/conf.d
ln -s /etc/squirrelmail/apache.conf squirrelmail
cp /var/www/Images/courville-wiki.png /usr/share/squirrelmail/images/
web statistics: awstats
apt-get install awstats libnet-ip-perl libgeo-ipfree-perl
cd /etc/awstats
- add the following plugins in /etc/awstats/awstats.conf geoipfree and Tooltips
SkipHosts="127.0.0.1 REGEX[^192\.168\.] localhost REGEX[^.*\.localdomain$] REGEX[^.*\.courville.org$]"
SiteDomain="www.courville.org"
LogFile="/var/log/apache2/access.log"
LogFormat=1
- add apache configuration file /etc/apache2/conf.d/awstats to secure icon path
Alias /awstats-icon /usr/share/awstats/icon
<Directory /usr/share/awstats/icon>
php_flag register_globals off
Options Indexes FollowSymLinks
<IfModule mod_dir.c>
DirectoryIndex index.php
</IfModule>
</Directory>
- update permission in /var/log/apache2 to allow user www-data to read access logs
chmod a+r /var/log/apache2/access*
- change log file reference to apache2 in cron /etc/cron.d/:
0,10,20,30,40,50 * * * * www-data [ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r /var/log/apache2/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null
- in order to process old log files, one can use the following tip from the FAQ:
LogFile="/usr/share/doc/awstats/examples/logresolvemerge.pl /tmp/logs/access.log.* |"
- allow www-data user to access apache2 logs
chgrp www-data /var/log/apache2/access.log
Misc applications
new sources for multimedia support
- in /etc/apt/sources.list add
deb ftp://ftp.nerim.net/debian-marillat/ etch main
deb-src ftp://ftp.nerim.net/debian-marillat/ sid main
- add trusted keys to avoid annoying warnings when updating
gpg --no-default-keyring --keyring /etc/apt/trusted.gpg --list-keys
gpg --keyserver hkp://wwwkeys.eu.pgp.net --recv-keys 1F41B907
gpg --armor --export 1F41B907 | apt-key add -
gpg --keyserver hkp://wwwkeys.eu.pgp.net --recv-keys 2D230C5F
gpg --armor --export 2D230C5F | apt-key add -
- get mplayer and co.
apt-get install ksubtile acidrip mencoder-586 mplayer-586 mplayer-skin-blue w32codecs
easy search for a package that contains a file
apt-get install apt-file
apt-file update
vim
apt-get install vim
update-alternatives --config vi
versioning
apt-get install tla subversion subversion-tools cvs
zsh
apt-get install zsh
rox
Lightweight file manager
apt-get install rox-filer
apt
- resolve E: Dynamic MMap ran out of room issue when performing an apt-get update: put in /etc/apt/apt.conf
APT::Cache-Limit 16777216;
- apt pinning to stay in testing: /etc/apt/preferences
Package: *
Pin: release a=stable
Pin-Priority: 900

Package: *
Pin: release a=testing
Pin-Priority: 1000

Package: *
Pin: release a=unstable
Pin-Priority: 800

Package: *
Pin: release a=experimental
Pin-Priority: 700
tv applications
mythtv
apt-get install libqt3c102-mt mythtv mythtv-backend mythtv-common mythtv-database mythtv-doc mythtv-frontend mythtv-themes libmyth-0.19
apt-get install xmltv-gui xmltv-util xmltv libxmltv-perl
- allow to connect as mythtv user by adding to /etc/sudoers
marc ALL=(mythtv) ALL, (root) /usr/bin/su mythtv
- or allow mythtv to access localhost:0.0
xauth nextract - localhost.localdomain/unix:0 | ssh mythtv@localhost xauth nmerge -
- perform setup:
sudo -u mythtv mythtv-setup
sudo /etc/init.d/mythtv-backend start
- to avoid the error "getting channel lists: No channels could be found at /usr/bin/tv_grab_fr" in tv_grab_fr --configure, put the following in .xmltv/tv_grab_fr.conf, or retrieve the corrected version through cvs at http://cvs.sourceforge.net/viewcvs.py/*checkout*/xmltv/xmltv/grab/fr/tv_grab_fr?rev=1.23
channel 1 tf1.GIF;/c_img/chaine/tf1.GIF
channel 2 france2.GIF;/c_img/chaine/france2.GIF
channel 3 france3.GIF;/c_img/chaine/france3.GIF
channel 35 rtbf.GIF;/c_img/chaine/rtbf.GIF
channel 37 tsr.GIF;/c_img/chaine/tsr.GIF
channel 4 canalplus.GIF;/c_img/chaine/canalplus.GIF
channel 5 arte.GIF;/c_img/chaine/arte.GIF
channel 6 m6.GIF;/c_img/chaine/m6.GIF
channel 7 france5.GIF;/c_img/chaine/france5.GIF
channel 8 rtl9.GIF;/c_img/chaine/rtl9.GIF
channel 9 tmc.GIF;/c_img/chaine/tmc.GIF
fricorder
In order to record tv programs from your freebox, retrieve fricorder from http://manatlan.online.fr/fricorder.php
apt-get install python2.4 python2.4-gtk2 python2.4-gnome2-extras python2.4-glade2 python2.4-xml zenity
apt-get install vlc vlc-plugin-alsa vlc-plugin-arts vlc-plugin-esd vlc-plugin-ggi vlc-plugin-glide vlc-alsa vlc-esd vlc-ggi vlc-gnome vlc-gtk vlc-qt
apt-get install -f vlc/unstable libavahi-common3/unstable
- openwrt configuration for freebox: follow http://guillaume.rince.free.fr/spip/rubrique.php?id_rubrique=14
- accept udp input from freebox/freeplayer multiposte:
iptables -A INPUT -p udp -s 212.27.38.253 -j ACCEPT
tv program grabbers
- install another tv program grabber via vbi interface: nxtvepg
apt-get install nxtvepg
zapping tv viewer
apt-get install zapping
User configuration
propagate user key into another user
- generate key for user1
ssh-keygen -t dsa -b 1024
- then propagate the key to user2
ssh-copy-id -i ~/.ssh/id_dsa.pub user2@localhost
change shell for zsh
chsh -s /bin/zsh marc
backup and synchronization
- note that -a is equivalent to -rlptgoD
rsync -av --numeric-ids --block-size=2048 --exclude-from=./incexcl / root@booster:/agraver/hyperion
- in file incexcl put
- /proc/
- /dev/
- /sys/
- /mnt/
- /media/
- /var/autofs/
- /tmp/
- /incexcl
- /etc/network/interfaces

